def test_can_update_file_based_policy(self):
role = models.ManagedIAMRole(
resource_name='resource_name',
role_name='myrole',
trust_policy={},
policy=models.FileBasedIAMPolicy(
filename='foo.json',
document={'iam': 'policy'}),
)
self.remote_state.declare_resource_exists(role, role_arn='myrole:arn')
plan = self.determine_plan(role)
assert plan[0] == models.StoreValue(
name='myrole_role_arn', value='myrole:arn')
self.assert_apicall_equals(
plan[1],
models.APICall(
method_name='put_role_policy',
params={'role_name': 'myrole',
actual_role_arn = actual_role.role_arn
assert isinstance(actual_role, models.PreCreatedIAMRole)
assert expectations['iam_role_arn'] == actual_role_arn
if actual_role_arn in roles_by_identifier:
assert roles_by_identifier[actual_role_arn] is actual_role
roles_by_identifier[actual_role_arn] = actual_role
continue
actual_name = actual_role.role_name
assert expectations['name'] == actual_name
if actual_name in roles_by_identifier:
assert roles_by_identifier[actual_name] is actual_role
roles_by_identifier[actual_name] = actual_role
is_autogenerated = expectations.get('autogenerated', False)
policy_file = expectations.get('policy_file')
if is_autogenerated:
assert isinstance(actual_role, models.ManagedIAMRole)
assert isinstance(actual_role.policy, models.AutoGenIAMPolicy)
if policy_file is not None and not is_autogenerated:
assert isinstance(actual_role, models.ManagedIAMRole)
assert isinstance(actual_role.policy,
models.FileBasedIAMPolicy)
assert actual_role.policy.filename == os.path.join(
'.', '.chalice', expectations['policy_file'])
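def test_managed_iam_role(self):
    """Check the CloudFormation resource generated for a managed IAM role.

    A ``ManagedIAMRole`` with an auto-generated policy must be rendered
    as exactly one ``AWS::IAM::Role`` resource that carries the policy
    document inline and does not set an explicit ``RoleName``.
    """
    role = models.ManagedIAMRole(
        resource_name='default_role',
        role_name='app-dev',
        trust_policy=LAMBDA_TRUST_POLICY,
        policy=models.AutoGenIAMPolicy(document={'iam': 'policy'}),
    )
    template = self.template_gen.generate([role])
    resources = template['Resources']
    # Only the role itself should be emitted for this input.
    assert len(resources) == 1
    cfn_role = resources['DefaultRole']
    assert cfn_role['Type'] == 'AWS::IAM::Role'
    properties = cfn_role['Properties']
    assert properties['Policies'] == [
        {'PolicyName': 'DefaultRolePolicy',
         'PolicyDocument': {'iam': 'policy'}}
    ]
    # Ensure the RoleName is not in the resource properties
    # so we don't require CAPABILITY_NAMED_IAM.  CloudFormation asks
    # for that stronger acknowledgement whenever a template gives an
    # IAM resource a custom name, so the check is made explicit here
    # rather than left as a comment with nothing enforcing it.
    assert 'RoleName' not in properties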
def test_can_set_variables_when_needed(self):
    """Check that a not-yet-created role's ARN reaches the plan as a Variable.

    No remote resources are declared to exist, and the function is given
    a managed role with a file-based policy.  The first planned call
    must be ``create_function`` and its ``role_arn`` parameter must be a
    ``Variable`` named after the role name.
    """
    lambda_function = create_function_resource('function_name')
    self.remote_state.declare_no_resources_exists()
    file_policy = models.FileBasedIAMPolicy(
        filename='foo.json',
        document={'iam': 'role'},
    )
    lambda_function.role = models.ManagedIAMRole(
        resource_name='myrole',
        role_name='myrole-dev',
        trust_policy={'trust': 'policy'},
        policy=file_policy,
    )
    steps = self.determine_plan(lambda_function)
    first_step = steps[0]
    assert first_step.method_name == 'create_function'
    # The other params are covered by test_can_create_function; only the
    # construction of the role_arn Variable matters for this test.
    arn_reference = first_step.params['role_arn']
    assert isinstance(arn_reference, Variable)
    assert arn_reference.name == 'myrole-dev_role_arn'
def test_role_does_not_exist(self):
    """Check that a failed role-name lookup is reported as "does not exist".

    The client's ``get_role_arn_for_name`` is set up to raise
    ``ResourceDoesNotExistError``; ``resource_exists`` must then return a
    falsy value and must have queried the client with the role's
    ``role_name``.
    """
    stub_client = self.client
    stub_client.get_role_arn_for_name.side_effect = (
        ResourceDoesNotExistError()
    )
    missing_role = models.ManagedIAMRole(
        'my_role',
        role_name='app-dev',
        trust_policy={},
        policy=None,
    )
    exists = self.remote_state.resource_exists(missing_role)
    assert not exists
    # The lookup is keyed on role_name ('app-dev'), not on the
    # resource name ('my_role').
    self.client.get_role_arn_for_name.assert_called_with('app-dev')
'.chalice',
config.iam_policy_file)
else:
filename = os.path.join(config.project_dir,
'.chalice',
'policy-%s.json' % stage_name)
policy = models.FileBasedIAMPolicy(
filename=filename, document=models.Placeholder.BUILD_STAGE)
else:
resource_name = 'default-role'
role_name = '%s-%s' % (config.app_name, stage_name)
policy = models.AutoGenIAMPolicy(
document=models.Placeholder.BUILD_STAGE,
traits=set([]),
)
return models.ManagedIAMRole(
resource_name=resource_name,
role_name=role_name,
trust_policy=LAMBDA_TRUST_POLICY,
policy=policy,
)
function_name)
if config.iam_policy_file is not None:
filename = os.path.join(config.project_dir,
'.chalice',
config.iam_policy_file)
else:
filename = os.path.join(config.project_dir,
'.chalice',
'policy-%s.json' % stage_name)
policy = models.FileBasedIAMPolicy(filename=filename)
else:
resource_name = 'default-role'
role_name = '%s-%s' % (config.app_name, stage_name)
policy = models.AutoGenIAMPolicy(
document=models.Placeholder.BUILD_STAGE)
return models.ManagedIAMRole(
resource_name=resource_name,
role_name=role_name,
trust_policy=LAMBDA_TRUST_POLICY,
policy=policy,
)
def _get_role_identifier(self, role):
    # type: (models.IAMRole) -> str
    """Return the key that identifies *role*.

    A ``PreCreatedIAMRole`` is identified by its ``role_arn``; any other
    role is treated as a ``ManagedIAMRole`` and identified by its
    ``resource_name``.
    """
    if not isinstance(role, models.PreCreatedIAMRole):
        # Anything that is not pre-created is known to be a managed
        # role.  cast() only informs mypy; it performs no runtime check.
        managed_role = cast(models.ManagedIAMRole, role)
        return managed_role.resource_name
    return role.role_arn